Sunday, September 9, 2007

Today, I was shown two portable devices - one was a Toshiba 4G memory drive and the other was a portable ruggedized hard drive made by I-O Data. On the surface, neither of them appears offensive until you insert it into your machine. I was asked to get rid of the programs spawned by these devices upon insertion.

This request was a warning to me of a potential attack using autorun, so I examined the devices using my machine, which has autorun permanently disabled for security reasons, particularly since Sony used this technique to infect users' machines before the user had any chance to decline installation of any software.

After I inserted the Toshiba into my machine, it took up 2 drive letters. I was asked to eliminate the annoying programs that start automatically when the devices are inserted.

This is a good reason why you should disable autorun permanently on all drives, because none of this annoying malware started up on my machine.

The Disk Manager gave this away. One drive letter was consumed by CDFS and the materials on this drive gave this away as being from U3.

The second partition was just an ordinary FAT partition. It is not U3 that I have found offensive.

The second device was a Japanese-made 12G rugged portable hard drive. Once again it behaved like the Toshiba, except that it did not come with English instructions; they are all in Japanese. Once again, one partition containing their software was packaged as CDFS.

What I have found offensive with this kind of device is their manufacturers' arrogance and dictatorial attitude in not asking their users if they want the devices configured in that manner.

Their behavior is identical to that of the Sony rootkit attack in not seeking users' consent before loading all this software, no matter how useful the manufacturers believe it to be. Thankfully, U3 had provided a program to eliminate the U3 partition on the device, and I quickly used it to get rid of that rubbish. But it did not come on that CDFS partition; I had to download it from their site. The I-O Data was less friendly.

The only way to treat that kind of device is to send it back to the manufacturer for a refund. Don't touch it, and consider it malware-infected.

Anyone considering buying any portable device should examine the product description to determine if it is infected with this kind of anti-customer malware. If I buy a drive, a hard drive or memory drive, I want to format and partition it in any manner I want, not have it forced upon me by the manufacturer.

Because I turned off Autorun, I limited the attack to losing only a drive letter to the partition that was loaded as CDFS. None of the malware was started.

For those who have the default settings allowing Autorun, U3 will be loaded automatically from the Toshiba device because the CDFS partition has the autorun.inf.

On the I-O Data portable device, it could have been more damaging had I allowed it to run the Autorun.inf. It would have loaded 3 programs: AutoCRD.exe and two others, as well as some DLLs. All without seeking users' consent.

Since these companies are so rude to their customers, people should avoid buying this kind of rubbish until they treat their users with respect. In the meantime, turn off Autorun permanently.

If anyone knows of any general software to delete CDFS on portable devices, please let me know.